OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsrp message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [wsrp] initCookie perUser semantics


This is slightly off topic, so please excuse me.

As one of the resident Consumers in the TC, I have to point out that 
the whole issue of Cookies puts me in a bad spot. As an end-user I 
keep running into places where I have to re-enable cookies to get 
things I need or want and each time it raises my blood pressure a 
notch for a few minutes. I had hoped that by the time we got to v2.0 
cookies would have been retired, but I was way wrong about that. I 
also thought we would get to v2.0 last year, like the rest of us.

Clearly there are too many uses for a mechanism like cookies, but 
when I find myself getting my back up over them, I have to expect 
that I am hardly alone in the user community, so I find the necessity 
burdensome. I understand the necessity for a mechanism, I just hate 
that it is cookies, which I expect will only get worse as Ajax rolls 
over us. What we have is a very low, lowest common denominator for 
keeping track of end users in multi-step processes and we just keep 
using cookies because they are convenient.

Perhaps some of your companies might take up the issue of finding 
another mechanism, or founding a new TC to create a reliable, 
asynchronous, short-term, non-transferable or reusable client id 
mechanism or agent that is destroyed with its session. I, for one, 
would be happy to then allow a form of cookie only for a clearly 
prescribed, non-transferable, longer term client id mechanism usable 
only with specific, secure (wss user token?) client permission. I 
wish I could say that I believed clients would one day rise up and 
kill cookies, but I've been wrong in too many expectations to really 
believe that.

Now, as a consumer, I do need to point out that Consumers like rules, 
not choices. I may not like a rule, but at least I can rely on it, 
whereas a choice practically guarantees I will always choose the more 
inconvenient choice and waste time and deliver the wrong thing to 
both end user and producer.

Rex

At 7:33 AM -0500 3/31/06, Rich Thompson wrote:
>We already have the other semantics captured in AS023 & AS024. This 
>assertion could explicitly refer to them in the step 1 portion; 
>perhaps using:
>
>"If the Consumer uses a Producer who has set requiresInitCookie to a
>value other than "none", it shall:   1. Invoke initCookie from such a
>Producer for each new end-user in accordance with AS023 and AS024  
>2. Return the set cookie(s) only for this end-user
>(see AS006, AS023 and AS024)."
>
>This keeps the assertion focused on connecting the cookie back to a 
>particular end-user and leaves the semantics of cross-portlet 
>sharing of cookies entirely to the assertions focused on that issue.
>
>Rich
>
>Richard Jacob <richard.jacob@de.ibm.com>
>
>03/31/06 06:49 AM
>To
>Subbu Allamaraju <subbu@bea.com>
>cc
>OASIS WSRP TC <wsrp@lists.oasis-open.org>
>Subject
>Re: [wsrp] initCookie perUser semantics
>
>
>
>
>
>That's not correct.
>We need to consider the "perGroup" initCookie requirement.
>If the producer requires initCookie per group then the Consumer must invoke
>initCookie() once per User/per Group.
>I think the statement "If the Consumer uses a Producer who has set
>requiresInitCookie to a
>value other than "none", it shall:" is to generic and needs to consider
>every requiresInitCookie flag setting.
>
>Mit freundlichen Gruessen / best regards,
>
>        Richard Jacob
>______________________________________________________
>IBM Lab Boeblingen, Germany
>Dept.8288, WebSphere Portal Server Development
>WSRP Technical Lead
>WSRP Standardization
>Phone: ++49 7031 16-3469  -  Fax: ++49 7031 16-4888
>Email: mailto:richard.jacob@de.ibm.com
>
>
>                                                                          
>             Subbu Allamaraju                                              
>             <subbu@bea.com>                                              
>                                                                        To
>             03/30/06 07:17 PM         OASIS WSRP TC                      
>                                       <wsrp@lists.oasis-open.org>        
>                                                                        cc
>                                                                          
>                                                                   Subject
>                                       Re: [wsrp] initCookie perUser      
>                                       semantics                          
>                                                                          
>                                                                          
>                                                                          
>                                                                          
>                                                                          
>                                                                          
>
>
>
>
>I remember where I got my interpretation from. See AS007 in the
>conformance spreadsheet, which reads
>
>"If the Consumer uses a Producer who has set requiresInitCookie to a
>value other than "none", it shall:   1. Invoke initCookie for each
>portlet from such a Producer for each new end-user   2. Return the set
>cookie(s) only for this end-user (see AS006, AS023 and AS024)."
>
>We need to fix the first item. I suggest the following:
>
>"If the Consumer uses a Producer who has set requiresInitCookie to a
>value other than "none", it shall:   1. Invoke initCookie from such a
>Producer for each new end-user   2. Return the set cookie(s) only for
>this end-user (see AS006, AS023 and AS024)."
>
>Subbu
>
>Rich Thompson wrote:
>>
>>  I think the primary reason this question tends to come up is
>>  implementations that are mapping the portlet session to the http
>>  session, which is also the key many clustering systems use relative to
>>  repetitive routing to a node within the cluster. The solution which
>>  gives per portlet per user is to use a cookieProtocol of perGroup and
>>  then put each portlet in its own group. The spec is pretty clear that a
>>  cookieProtocol of perUser means once for each user, independent of the
>>  number of portlets accessed.
>>
>>  Rich
>>
>>
>>  *Richard Jacob <richard.jacob@de.ibm.com>*
>>
>>  02/07/06 09:40 AM
>>
>>
>>  To
>>             Subbu Allamaraju <subbu@bea.com>
>>  cc
>>             OASIS WSRP TC <wsrp@lists.oasis-open.org>
>>  Subject
>>             Re: [wsrp] initCookie perUser semantics
>>
>>
>>
>>
>>
>>
>>
>>
>>  it's once per all portlets or per group if required by producer.
>>  Also only per user if per user is really requested.
>>  It's not once per portet (otherwise the groups session thingie would not
>>  work).
>>
>>  Mit freundlichen Gruessen / best regards,
>>
>>         Richard Jacob
>>  ______________________________________________________
>>  IBM Lab Boeblingen, Germany
>>  Dept.8288, WebSphere Portal Server Development
>>  WSRP Team Lead & Technical Lead
>>  WSRP Standardization
>>  Phone: ++49 7031 16-3469  -  Fax: ++49 7031 16-4888
>>  Email: mailto:richard.jacob@de.ibm.com
>>
>>
>>
>>              Subbu Allamaraju
>
>>              <subbu@bea.com>
>>                                                                         To
>>              02/06/06 11:48 PM         OASIS WSRP TC
>>                                        <wsrp@lists.oasis-open.org>
>>                                                                         cc
>>
>>                                                                    Subject
>>                                        [wsrp] initCookie perUser semantics
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>  Could someone clarify if the initCookie operation should be called once
>>  per user's session for each portlet on a producer, or once for all
>>  portlets on a producer?
>>
>>   From earlier discussions, I vaguely recall that perUser implies that
>>  the initCookie should be called once per portlet per user's session on
>>  the consumer.
>>
>>  Thanks
>>
>>  Subbu
>>
>>  ---------------------------------------------------------------------
>>  To unsubscribe from this mail list, you must leave the OASIS TC that
>>  generates this mail.  You may a link to this group and all your TCs in
>>  OASIS
>>  at:
>>  https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>  >
>>
>>
>>
>>  ---------------------------------------------------------------------
>>  To unsubscribe from this mail list, you must leave the OASIS TC that
>>  generates this mail.  You may a link to this group and all your TCs in
>OASIS
>>  at:
>>  https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>>
>>
>>  --------------------------------------------------------------------- To
>>  unsubscribe from this mail list, you must leave the OASIS TC that
>>  generates this mail. You may a link to this group and all your TCs in
>>  OASIS at:
>>  https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
>---------------------------------------------------------------------
>To unsubscribe from this mail list, you must leave the OASIS TC that
>generates this mail.  You may a link to this group and all your TCs in
>OASIS
>at:
>https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe from this mail list, you must leave the OASIS TC that
>generates this mail.  You may a link to this group and all your TCs in OASIS
>at:
>https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
>--------------------------------------------------------------------- 
>To unsubscribe from this mail list, you must leave the OASIS TC that 
>generates this mail. You may a link to this group and all your TCs 
>in OASIS at: 
>https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php


-- 
Rex Brooks
President, CEO
Starbourne Communications Design
GeoAddress: 1361-A Addison
Berkeley, CA 94702
Tel: 510-849-2309


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]